package com.carrot.uaa.common.config;/*
package com.circue.uaa.common.config;

import com.circue.uaa.property.CustomSecurityProperties;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.filter.CorsFilter;

*/
/**
 * @description:
 * @author: zl
 * @date: 2023/9/20
 *//*

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@EnableMethodSecurity(jsr250Enabled = true, securedEnabled = true)
public class ResourceConfig {

    private final CorsFilter corsFilter;

    private final CustomSecurityProperties customSecurityProperties;


    */
/**
     * 配置认证相关的过滤器链(资源服务，客户端配置)
     *
     * @param http spring security核心配置类
     * @return 过滤器链
     * @throws Exception 抛出
     *//*

    @Bean
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf->csrf.ignoringRequestMatchers(customSecurityProperties.getIgnoreUriList().toArray(new String[0])));
        // 添加跨域过滤器
        http.addFilter(corsFilter);
        // 添加基础的认证配置
        http.authorizeHttpRequests((authorize) -> authorize
                        // 放行静态资源和不需要认证的url
                        .requestMatchers(customSecurityProperties.getIgnoreUriList().toArray(new String[0])).permitAll()
                        .anyRequest().authenticated()
                )
                // 指定登录页面
                .formLogin(formLogin -> {
                            formLogin.loginPage(customSecurityProperties.getLoginUrl());
                        }
                )
                //登出配置
              ;
        // 添加BearerTokenAuthenticationFilter，将认证服务当做一个资源服务，解析请求头中的token
*/
/*        http.oauth2ResourceServer((resourceServer) -> resourceServer
                .jwt(Customizer.withDefaults()));*//*


  */
/*      http.oauth2ResourceServer((resourceServer)->resourceServer
                .opaqueToken(Customizer.withDefaults()));*//*

        return http.build();
    }
}
*/
